Sha256: 24c0c6782ad1aafa25195150c9392eb86d09dff200efc926db79f9e43f6050b4
Contents?: true
Size: 1.95 KB
Versions: 6
Compression:
Stored size: 1.95 KB
Contents
require "yaml"
module Codebuild
class Role
include Codebuild::Dsl::Role
include Evaluate
include Variables
def initialize(options={})
@options = options
@role_path = options[:role_path] || get_role_path
@properties = default_properties
@iam_policy = {}
end
def run
load_variables
evaluate(@role_path) if File.exist?(@role_path)
@properties[:policies] = [{
policy_name: "CodeBuildAccess",
policy_document: {
version: "2012-10-17",
statement: derived_iam_statements
}
}]
if @managed_policy_arns && !@managed_policy_arns.empty?
@properties[:managed_policy_arns] = @managed_policy_arns
else
@properties[:managed_policy_arns] = default_managed_policy_arns
end
resource = {
IamRole: {
type: "AWS::IAM::Role",
properties: @properties
}
}
CfnCamelizer.transform(resource)
end
private
def get_role_path
lookup_codebuild_file("role.rb")
end
def default_properties
{
assume_role_policy_document: {
statement: [{
action: ["sts:AssumeRole"],
effect: "Allow",
principal: {
service: ["codebuild.amazonaws.com"]
}
}],
version: "2012-10-17"
},
path: "/"
}
end
def derived_iam_statements
@iam_statements || default_iam_statements
end
def default_iam_statements
[{
action: [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"ssm:DescribeDocumentParameters",
"ssm:DescribeParameters",
"ssm:GetParameter*",
],
effect: "Allow",
resource: "*"
}]
end
def default_managed_policy_arns
# Useful when using with CodePipeline
["arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"]
end
end
end
Version data entries
6 entries across 6 versions & 1 rubygems